Five Lines of Assurance A New ERM and IA Paradigm
1.
© Risk Oversight Solutions Inc.
Five Lines of Assurance: A New Paradigm in Internal Audit & ERM
Tim Leech, Managing Director, Risk Oversight Solutions Inc.
timleech@riskoversightsolutions.com
www.riskoversightsolutions.com
2.
Speaker Professional Profile
Tim J. Leech, FCPA CIA CRMA CCSA CFE is Managing Director at Risk Oversight Solutions Inc. based in Oakville, Ontario, Canada and Sarasota, Florida. He has over 30 years of experience in the risk governance, internal audit, IT, and forensic accounting/litigation support fields. His experience base includes setting up a new business unit, a “first of its kind”, for Coopers & Lybrand, “Control & Risk Management Services” in 1987; founding in 1991, building, and successfully selling CARD®decisions, a global risk and assurance consulting and software firm, to Paisley/Thomson Reuters in 2004; serving as Paisley’s Chief Methodology Officer from 2004-2007; and 30+ years of global experience helping clients around the world with internal audit transformation initiatives and the design, implementation, and maintenance of integrated and more powerful ERM/IA methodology and technology frameworks. He developed and successfully released CARD®map, the world’s first integrated risk and assurance software, in 1997. The web-enabled “cloud” version of CARD®map was released in 2000. Tim was the first in 2009 to develop and deliver training on IIA IPPF Standard 2120 to equip internal auditors to assess and report on the effectiveness of risk management processes. He is the author of the Conference Board Director Notes December 2012 publication “Board Oversight of Management’s Risk Appetite and Tolerance”, co-author of the highly acclaimed January 2014 “Risk Oversight: Evolving Expectations for Boards”, and most recently, “Paradigm Paralysis in ERM and Internal Audit” in the summer 2016 issue of Ethical Boardroom. His groundbreaking article, “Reinventing Internal Audit”, published in the April 2015 issue of Internal Auditor magazine has attracted global recognition and was awarded a 2016 Outstanding Contribution Award from IIA global.
In 2013 he launched a second generation of disruptive innovation with a breakthrough approach to risk and assurance management – “Five Lines of Assurance: Board & C-Suite Driven/Objective-centric ERM and Internal Audit”. The goal – respond to the rapid escalation in board risk oversight expectations and deliver substantially more “bang for the buck” from formal assurance spending. Leech was the recipient of IIA Canada’s first Outstanding Contributions to the Profession award at the first IIA Canada national conference in Quebec City in 2009, and is currently working with IIA Global in Florida to roll out training on “Five Lines of Assurance/Board & C-Suite Driven/Objective Centric ERM and internal audit” to CAEs, IIA National Institutes, and in-house IIA training clients around the world.
3.
Presentation Agenda
Part 1: Escalating Expectations
• Escalating Expectations: Regulators
• Escalating Expectations: Credit Agencies
• Escalating Expectations: Institutional Investors
• Escalating Expectations: Director Associations
• Escalating Expectations: Internal Audit & ERM Customers
• IIA Response to date
• The Way Forward: Five Lines of Assurance: A New Paradigm in ERM & Internal Audit
4.
Presentation Agenda
Part 2: Five Lines of Assurance: A New Paradigm in ERM and IA
• 5LoA Design Objectives
• 5LoA Core Elements
• 5LoA Key Benefits
• 5LoA Examples
• 5LoA Tools
• 5LoA Implementation Overview
5.
Escalating Expectations: Regulators
6.
Escalating Expectations: Regulators
CSA Expectations: Canadian Public Companies
Material risks are required to be disclosed in regulatory filings such as an AIF or a prospectus. The way in which an issuer manages those risks may vary between industries and even between issuers within an industry according to their particular circumstances. It is important for investors to understand how issuers manage those risks.
Disclosure regarding oversight and management of risks should indicate:
• the board’s responsibility for oversight and management of risks, and
• any board and management-level committee to which responsibility for oversight and management of risks has been delegated.
The disclosure should provide insight into:
• the development and periodic review of the issuer’s risk profile
• the integration of risk oversight and management into the issuer’s strategic plan
• the identification of significant elements of risk management, including policies and procedures to manage risk, and
• the board’s assessment of the effectiveness of risk management policies and procedures, where applicable.
Source: CSA STAFF NOTICE 58-306 2010 CORPORATE GOVERNANCE DISCLOSURE COMPLIANCE REVIEW December 2, 2010, page 24 http://bit.ly/ezvf3O
7.
Escalating Expectations: Regulators
Financial Stability Board (“FSB”) November 2013:
8.
Escalating Expectations: Regulators
Financial Stability Board (“FSB”) November 2013:
9.
Escalating Expectations: Regulators
Board responsibilities per FRC UK Sept 2014 Code
Boards are responsible for:
• determining the extent to which the company is willing to take on risk (its “risk appetite”);
• ensuring that an appropriate “risk culture” has been instilled throughout the organization;
• identifying and evaluating the principal risks to the company’s business model and the achievement of its strategic objectives, including risks that could threaten its solvency or liquidity;
• agreeing how these risks should be controlled, managed, or mitigated;
10.
Escalating Expectations: Regulators
11.
Escalating Expectations: Regulators
Integrated Risk Management
Risk management cannot be practiced effectively in silos. As a result, integrated risk management promotes a continuous, proactive and systematic process to understand, manage and communicate risk from an organization-wide perspective in a cohesive and consistent manner. It is about supporting strategic decision-making that contributes to the achievement of an organization's overall objectives. It requires an ongoing assessment of risks at every level and in every sector of the organization, aggregating these results at the corporate level, communicating them and ensuring adequate monitoring and review. Integrated risk management involves the use of these aggregated results to inform decision-making and business practices within the organization.
Source: TBS Guide to Integrated Risk Management May 2016
12.
Escalating Expectations: Regulators
Deputy Heads
Deputy Heads are responsible for managing their organization's risks by leading the implementation of effective risk management practices, both formal and informal. This includes establishing the organization's overall risk management approach and ensuring that supporting processes are in place. In doing so, Deputy Heads are encouraged to apply the principles outlined in section 2.3.
A key role of the Deputy Head is to ensure that risk management principles and practices are understood and integrated into the various activities of his/her organization. Deputy Heads are also responsible for monitoring risk management practices in their organizations, as well as considering risks that arise when partnering with organizations within and external to the federal public service. This includes ensuring that issues affecting the organization's risk management approach, whether identified through assessments or internal and external monitoring, are examined, reviewed and addressed effectively.
In addition, Deputy Heads play an important role in creating a learning environment that promotes continuous improvement in risk management competencies and capacity within their organization. Through their leadership, Deputy Heads foster a risk-informed organizational culture that supports risk-informed decision-making, enables dialogue on risk tolerance, focuses on results and enables the consideration of both opportunity and innovation.
Source: TBS Guide to Integrated Risk Management May 2016
13.
Escalating Expectations: Regulators
Generally, there are numerous tools and techniques for analyzing (e.g. workshops, surveys) and prioritizing (e.g. risk maps) risks. Organizations are encouraged to design a process that is appropriate for their own operating environment. In defining risk assessment activities within the risk management process, organizations may wish to provide direction regarding:
• who should be involved in the assessment of risks;
• how much rigour is required for a particular risk assessment exercise;
• what type of information needs to be collected and what level of detail is required; and
• how assessed risks should be documented for response purposes.
Source: TBS Guide to Integrated Risk Management May 2016
14.
Escalating Expectations: Credit Agencies
15.
Escalating Expectations: Credit Agencies
S&P: “We believe that successful risk culture begins with fostering open dialogue where every employee in the organization has some level of ownership of the organization's risks, can readily identify the broader impacts of local decisions, and is rewarded for identifying outsize risks to senior levels. In such cultures, strategic decision-making routinely includes a review of relevant risks and alternative strategies rather than a simple return-on-investment analysis.” (page 4)
16.
Escalating Expectations: Institutional Investors
17.
Escalating Expectations: Institutional Investors
18.
Escalating Expectations: Director Associations
19.
Escalating Expectations: IA Customers
20.
Escalating Expectations: IA Customers
21.
IIA Response to Date
2120 – Risk Management
“The internal audit activity must evaluate the effectiveness and contribute to the improvement of the risk management process”
22.
IIA Response to Date
23.
IIA Response to Date
24.
The Way Forward: Reinvent Internal Audit
25.
The Way Forward: Five Lines of Assurance
26.
The Way Forward: Paradigm Shift Required
27.
5LoA Design Objectives
• Redefine risk management from being seen primarily as hazard avoidance/management to a tool to increase certainty that key objectives are achieved while still operating with a tolerable level of retained risk
• Provide management and boards with a practical solution to meet escalating board risk oversight and risk governance expectations
• Generate higher levels of management and board participation in ERM and internal audit
• Put the focus and resources on top value creation and potential value erosion end result objectives
28.
5LoA Design Objectives
• Transition organizations from “supply driven” to “board/demand driven” assurance
• Provide a platform to “optimize” risk treatment design (i.e. lowest possible cost combination of risk treatments capable of producing an acceptable residual risk status)
• Integrate the work of all assurance functions including IA, risk, safety, compliance, insurance, legal, and others
29.
5LoA Design Objectives
• Elevate the stature of and value added by Internal Audit and ERM support staff
• Integrate strategic planning and ERM
• Engage boards and senior management in defining the amount of risk assessment rigor and independent assurance. This is a key risk decision in its own right that hasn’t been sufficiently recognized
• Clarify accountabilities and role of all key assurance players including the board, senior management, work units, ERM staff and internal audit
• Meet emerging risk oversight expectations
30.
5LoA Core Elements
Use an “OBJECTIVES REGISTER” with top value creation/strategic objectives and top potential value erosion objectives as the foundation for all ERM and internal audit work, not a “risk register” or “audit universe”
31.
5LoA Core Elements
“Top potential value erosion objectives” are also called “foundation objectives” and include compliance with laws, reliable external disclosures, safety and other social responsibility objectives.
32.
5LoA Core Elements
Engage senior management and the board in the process used to decide which objectives to include in the “OBJECTIVES REGISTER”
33.
5LoA Core Elements
Engage senior management and the board in the process used to decide “Risk Assessment Rigor” and “Independent Assurance Level”
34.
5LoA Core Elements
Conscious and transparent decisions on “Risk Assessment Rigor/Rigour”
35.
5LoA Core Elements
Conscious and transparent decisions on “Independent Assurance Level”
NIA – No independent assurance
LOW – A high level assurance review has been completed and a feedback report provided to the OWNER/SPONSOR and RISK OVERSIGHT COMMITTEE
MEDIUM – An independent review has been completed to assess the completeness of risks identified, risk treatments and residual risk status information provided and a report provided to the OWNER/SPONSOR and RISK OVERSIGHT COMMITTEE
HIGH – In addition to the steps defined for MEDIUM, steps have been taken to confirm the existence and effectiveness of the risk treatments identified.
36.
5LoA Core Elements
Assign primary responsibility to report upwards on the residual risk status linked to each objective to an “OWNER/SPONSOR”
37.
5LoA Core Elements
Consider the full range of “Risk Treatments” when completing the Risk Treatment Strategy section
38.
5LoA Core Elements
Focus on the acceptability of “Residual Risk Status”, specifically whether it is, or is not, within the entity’s risk appetite and tolerance
39.
5LoA Core Elements
Conscious and transparent decisions on “Composite Residual Risk Rating”
40.
5LoA Core Elements
After the decision on acceptability of residual risk status has been made, assess whether the Risk Treatment strategy is Optimized
41.
5LoA Core Elements
Provide consolidated reports on residual risk status to the board
42.
5LoA Key Benefits
• Boards are provided with a concise enterprise level report on the state of residual risk for the company’s top value creation and potential value erosion objectives
• The work of the “assurance silos” including IA, risk, safety, environment, compliance, legal, insurance and others is integrated
• Key information is provided to senior management and the board to assess if the current residual risk status linked to top objectives is, or is not, within the company’s risk appetite/tolerance
43.
5LoA Key Benefits
• Boards are provided with a tangible vehicle to demonstrate they are actively overseeing the company’s “risk appetite framework” (“RAF”)
• The process is designed to fully integrate with strategic planning, new product/service initiatives, and M&A activities.
• The process provides a clear response to emerging expectations like the UK Governance Code, Canadian Securities Administrators, SEC, FSB, credit agencies, institutional investors and TSB.
• The main role of internal audit is to report on the effectiveness of the risk management processes and the consolidated report on residual risk status the board receives from the CEO or his/her designate and to help the company build and maintain robust risk management processes
45.
5LoA Key Benefit to Federal Departments: Meets TSB Expectations
Generally, there are numerous tools and techniques for analyzing (e.g. workshops, surveys) and prioritizing (e.g. risk maps) risks. Organizations are encouraged to design a process that is appropriate for their own operating environment. In defining risk assessment activities within the risk management process, organizations may wish to provide direction regarding:
• who should be involved in the assessment of risks;
• how much rigour is required for a particular risk assessment exercise;
• what type of information needs to be collected and what level of detail is required; and
• how assessed risks should be documented for response purposes.
Source: TBS Guide to Integrated Risk Management May 2016
46.
5LoA Examples
SVG Capital plc London Stock Exchange Jan 2015 Annual Report Page 29
47.
5LoA Examples
Ottawa Humane Society: The first charity in the world to implement BDO/OC
48.
5LoA Examples
Western University is a licensed user of Risk Oversight Solutions training tools and materials
49.
5LoA Tools
50.
5LoA Implementation Overview
51.
QUESTIONS???
Thank you
timleech@riskoversightsolutions.com